Process for "Policy forbids issuing for name" Errors?


#1

Hello,

Is there a process for handling “Policy forbids issuing for name” errors? We control many subdomains for our clients (delegated via CNAME) and would love to secure them using LE. However, some of them run into “Policy forbids issuing for name” errors. Is the full blacklist published anywhere so we can check to see if there is going to be an issue ahead of time (before deployment)? Is there a process in place for removing items from that list?

Thanks!


Request to check Domain Name status
Domain on Restricted List - LetsEncrypt Not Able to Issue Certificate
#2

The blacklist isn’t currently published, no.

If you let us know the domains in question here, then they can be reviewed and removed.


#3

Thanks for the reply! The domain in question is stores.bestbuy.com.


#4

@cpu should be able to help you out shortly :slight_smile:


#5

Sounds like an actual rather high-value and high-profile name to me! I’m not surprised to see it on the blacklist in this case.

Hopefully @cpu can help you with issuance for that name.


#6

Apologies for the delays - I was out of office last week and this one didn’t bubble up to my colleagues.

That’s correct - I will have to inquire about what the process is for this case. Typically this happens as a result of an unintended permutation which isn’t what’s happened here.

@mhupman I’ll update this thread when I know more about next steps/timelines. Thanks for your patience!


#7

@cpu Understood - please let me know if you need any further information from me. Thanks!


#8

I reached out via DM to help move the process along.

Thanks for everyone in the thread for helping route this request to the right place.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.